GLBA Gap Analysis
Our GLBA Gap Analysis is performed in conjunction with an Internal Systems Vulnerability Assessment to evaluate your financial institution’s compliance with respect to safeguarding customer and member information per the Gramm-Leach-Bliley Act. It entails a comprehensive review of your existing information security posture.
Our process reviews your entire enterprise from a “safeguarding customer and member information” point of view in order to evaluate compliance, as well as provide an informed opinion. Our GLBA Gap Analysis provides a baseline for your current state of practice and it will be measured against industry standards, regulatory GLBA compliance, and SCA best practices.
FFIEC Cybersecurity Assessment
Our Cybersecurity Assessment services are necessary to analyze your cybersecurity posture against the FFIEC Cybersecurity Assessment Tool or the NCUA Automated Cybersecurity Examination Tool (ACET). This requires a comprehensive review of your institution’s current information security posture. The analysis provides a baseline for your existing practices using the respective FFIEC or NCUA assessment tool, industry standards, agency guidance and SCA best practices.
Our information security analysts will verify and validate the integrity of your cybersecurity posture with a unique process that covers all five cybersecurity domains keeping your target cybersecurity maturity level in mind. Our Cybersecurity Assessment will deliver a completed FFIEC or NCUA assessment tool, help your financial institution prepare for regulatory cybersecurity scrutiny and enhance your cybersecurity posture.
For non-financial institution companies who wish to evaluate their cybersecurity posture, our Cybersecurity Assessment is available based on the NIST Cybersecurity Framework.
Regardless of the size of your practice, healthcare providers are required by law to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
Our information security and compliance analysts will conduct an in-depth assessment to evaluate your organization’s compliance with the requirements of HIPAA and HITECH. Examples of security areas we review include software, hardware, media, network, host/system, procedural, and workstation security along with disaster recovery/business continuity planning.
HIPAA Audit Readiness Program
With the continuation of the OCR’s audit program, it is more important now than ever to make sure you are protecting your practice. Through a bundle of HIPAA specific information security services, our HIPAA Audit Readiness Program will help you protect your practice and prepare for an OCR HIPAA audit.
In the event that your practice is audited, SCA will be there for you as your HIPAA security partner. Our HIPAA Audit Readiness Program includes a HIPAA Security Risk Analysis, HIPAA Privacy and Information Security Policy and Procedures, Employee Information Security Awareness Training and vCISO consulting.
Website Compliance/ADA Review
Our Website Compliance Review will assess the compliance of your organization’s home page and all internally linked web pages. Security Compliance Associates will utilize multiple internet browsers and web development tools to review the website for website construction, ease of navigation, possible security issues and compliance with relevant state and federal laws and regulations.
To help meet the requirements of the Americans with Disabilities Act (ADA) and other web development consortiums, we also evaluate webpage accessibility, access to content, audio and video text equivalents and alternatives provided for people with disabilities that are unable to use computers to access online services.